Ransomware Attacks Affect Sturdy Memorial Hospital and UF Health

Sturdy Memorial Hospital in Attleboro, MA is notifying 57,379 patients about a computer security incident that occurred on February 9, 2021 in which patient data was stolen. According to the hospital’s breach notice, an unauthorized individual gained access to its systems but the hospital secured those systems later that day.

The individual demanded a ransom payment to prevent the exposure/sale of data stolen in the attack. The hospital took the decision to pay the ransom and received assurances all stolen data would be permanently destroyed and would not be further disclosed. It is unclear whether this was simply a data theft incident or whether ransomware had been used in the attack.

Third party computer forensics experts were engaged to investigate the breach, and a review was conducted to determine what patient data was compromised. The review was completed on April 21, 2021 and all affected individuals started to be notified on May 28, 2021.

Sturdy Memorial Hospital said that in addition to its own patients, some patient data from other healthcare provider partners – Harbor Medical Associates, South Shore Medical Center, and providers affiliated with South Shore Physician Hospital Organization – was also compromised.

The types of patient information compromised varied from patient to patient and may have included one or more of the following data elements: Name, address, phone number, date of birth, Social Security number, driver’s license number, other government ID number, financial account number, routing number, bank name, credit card number and security code, Medicare Health Insurance Claim numbers, medical history information, treatment or diagnosis information, procedure or diagnosis codes, prescription information, provider name, medical record number, Medicare/Medicaid number, health insurance information, and treatment cost information. Sturdy Memorial Hospital said its electronic health record system was not affected.

Complimentary credit monitoring and identity protection services are being offered to individuals whose Social Security number or driver’s license number was compromised in the attack. Additional safeguards and technical security measures have now been implemented at Sturdy Memorial Hospital to better protect and monitor its IT systems.

UF Health Ransomware Attack Affects The Villages and Leesburg Hospitals

University of Florida Health (UF Health) has been forced to adopt downtime procedures following a ransomware attack on May 31, 2021. Staff switched to pen and paper to record patient information with access to computer systems and email not possible due to the attack.

The attack affected The Villages and Leesburg Hospitals, and was identified by UF Health Central Florida on the evening of May 31 when unusual activity was detected on its computer servers. The attack does not appear to have affected the Gainesville and Jacksonville campuses.

The attack is being investigated and efforts are underway to ensure systems and data are secured. Medical services at all UF Health locations continue to be provided and patient safety has not been affected. It is currently unclear whether the attackers stole patient data prior to the use of ransomware to encrypt files.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.